package com.microservice.salmon.oauth.config;

import com.microservice.salmon.oauth.client.ClientCheckConfig;
import com.microservice.salmon.oauth.code.SecurityConstants;
import com.microservice.salmon.oauth.code.ValidateCodeSecurityConfig;
import com.microservice.salmon.oauth.mobile.SmsCodeAuthenticationSecurityConfig;
import com.microservice.salmon.oauth.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * @author wanghongqing
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    protected AuthenticationSuccessHandler salmonAuthenticationSuccessHandler;

    @Autowired
    protected AuthenticationFailureHandler salmonAuthenticationFailureHandler;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;


    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired
    private ClientCheckConfig clientCheckConfig;

    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)
                .successHandler(salmonAuthenticationSuccessHandler)
                .failureHandler(salmonAuthenticationFailureHandler);
        http
                .apply(clientCheckConfig)
                .and()
                .apply(validateCodeSecurityConfig) // 短信验证码以及图片验证码校验过滤器的配置
                .and()
                .apply(smsCodeAuthenticationSecurityConfig) //短信验证码的认证配置
                .and()
                .csrf().disable()
                .authorizeRequests()
                .antMatchers(
                    SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
                    SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE,
                    SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_SOCIAL,//社交登录请求地址
                    securityProperties.getBrowser().getLoginPage(),//登录地址
                    SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX+"/*",//验证码相关
                    securityProperties.getBrowser().getSignUpUrl(), // 此配置来处理社交登录成功的回调地址
                    securityProperties.getBrowser().getSession().getSessionInvalidUrl(),
                    securityProperties.getBrowser().getSignOutUrl(), // 注销地址
                        "/v2/api-docs"
                )
                .permitAll()
                .anyRequest().authenticated();
    }
}
